9243 matches found
Gradio Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...
CVE-2024-8998
A Regular Expression Denial of Service ReDoS vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...
CVE-2024-8789
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service ReDoS attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...
CVE-2024-8789
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service ReDoS attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...
CVE-2024-8763
A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...
CVE-2024-7779
A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service ReDoS by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable...
CVE-2024-12720
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12720
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...
CVE-2024-12391
A vulnerability in binary-husky/gptacademic, as of commit 310122f, allows for a Regular Expression Denial of Service ReDoS attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...
CVE-2024-12388
A vulnerability in binary-husky/gptacademic version 310122f allows for a Regular Expression Denial of Service ReDoS attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...
CVE-2024-12391
A vulnerability in binary-husky/gptacademic, as of commit 310122f, allows for a Regular Expression Denial of Service ReDoS attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...
PYSEC-2025-94
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-10955
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
PYSEC-2025-94
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-10955
A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...
CVE-2024-10624
A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...
CVE-2024-10549
A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...
CVE-2024-10624
A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...
CVE-2024-10550
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...
CVE-2024-12720 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationnougatfast.py. The vulnerability occurs in the postprocesssingle function, where a regular expression processes specially crafted input. The issu...